Releases: passteque/gluetun
v3.19.1
Bug fixes
- Fix IPVanish TLS verification
See https://github.com/qdm12/gluetun/releases/tag/v3.19.0 for more information
v3.19.0
Features
- IPVanish support (#475, #410, #416)
- VPN Unlimited support (#499, #420)
- IVPN: add Bulgaria and Spain servers
- Improve Cyberghost updater by waiting up to 20 seconds for repeated DNS resolutions
- PureVPN: update server information
Fixes
- IVPN: use name prefix for TLS check instead of full hostname
- PureVPN: change default cipher to `AES-256-GCM`
- Custom openvpn config:
  - Fix settings log
  - Only use and write OpenVPN auth file if openvpn user is set
  - `remote` OpenVPN configuration line
  - Custom cipher `OPENVPN_CIPHER` for OpenVPN 2.5
- PIA: `none` encryption preset
  - Set `cipher` and `auth` to `none`
  - Add `ncp-disable` OpenVPN option
- Prevent exit race condition for program loops
Documentation
- Change docker-compose.yml to not use secrets
- Clarify setup instructions for 32 bit
- Add maintenance document
- Issue templates
- add how to use code highlighting
- Help issues: add Github discussions link
Maintenance
CI
- Faster cross Docker builds by properly pulling build platform specific `qmcgaw/xcputranslate`
- Avoid cross Docker build out of memory errors using the `xcputranslate sleep` feature
- Better Docker layer caching for rebuilds
  - Install `g++` in `base` stage before copying code
  - Install `xcputranslate` in base stage before copying code
  - Install `golangci-lint` in base stage before copying code
- Upgrade `qmcgaw/xcputranslate` from `v0.4.0` to `v0.6.0`
- Deduplicate Dockerfile base stage build
- Dockerfile test stage has its entrypoint set to run tests
Code
- Use `github.com/qdm12/goshutdown@v0.1.0` instead of `internal/shutdown`
- Upgrade `golangci-lint` to `v1.41.1`
- Update list of golangci-lint linters
  - Replace `golint` with `revive` linter
- Upgrade `golang/mock` to `v1.6.0`
- Remove dependency on `github.com/kyokomi/emoji`
- Upgrade `github.com/fatih/color` to `v1.12.0`
- Upgrade `github.com/qdm12/dns` to `v1.8.0`
- Upgrade `github.com/qdm12/golibs`
- Upgrade `github.com/qdm12/updated`
v3.18.0
Features
- IVPN support
- `OPENVPN_VERSION` which can be `2.4` or `2.5` to choose your OpenVPN program version at runtime
- Filter Cyberghost servers by `SERVER_HOSTNAME`
- Filter Mullvad servers by `SERVER_HOSTNAME`
- Filter NordVPN servers by `SERVER_HOSTNAME` and/or `SERVER_NAME`
- Filter Privado servers by `COUNTRY`, `REGION` and/or `CITY`
- Filter Private Internet Access servers by `SERVER_HOSTNAME` and/or `SERVER_NAME`
- Filter ProtonVPN servers with `FREE_ONLY`
- Filter PureVPN servers by `SERVER_HOSTNAME`
- Filter Surfshark servers by `SERVER_HOSTNAME`
- Multiple IP addresses for each:
  - Torguard server
  - Windscribe server
  - Private Internet Access server
- All hardcoded server information updated
- Support `none` encryption preset for Private Internet Access
- Log Alpine version at start
- `NET_ADMIN` tip logged when a routing permission error occurs
- Create `/gluetun` if it does not exist
Bug fixes
- ProtonVPN `SERVER_NAME` environment variable reading
- Fix Mullvad servers filtering (see #444)
- Record TCP and UDP support for each PureVPN server
- Only teardown routing configuration if changes to routing occurred
- Fix VyprVPN port
- Fix missing OpenVPN `auth` overrides
- Only set OpenVPN `fast-io` option when using UDP
- Upgrade dependencies to fix dependency vulnerabilities
  - `golang.org/x/sys` to current version
  - `github.com/qdm12/dns` from `v1.4.0` to `v1.7.0`
  - `github.com/qdm12/ss-server` from `v0.1.0` to `v0.2.0`
- Fix rebinding protection for IPv6 mapped IPv4 networks
  - Use `netaddr` package for DNS blacklisting
- Log custom port only if set (for Private Internet Access and Windscribe)
- Change log level for OpenVPN TLS error from debug to warn
- Servers listen on all IP interfaces with `:<port>`, not just IPv4 with `0.0.0.0:<port>`
- HideMyAss hostname choices
- HideMyAss OpenVPN configuration `remote hostname port` line
Changes
- Do not exit program on an OpenVPN configuration error
- Keep firewall enabled on shutdown to avoid leaks
- Shadowsocks password is now compulsory
Documentation
- Issue template warnings about answering all questions
Maintenance
- Refactor `internal/updater` package
  - Require at least 80% of current number of servers to update server information
  - Each provider is in its own package with a common structure
  - `internal/updater/unzip` package with `Unzipper` interface
  - `internal/updater/openvpn` package with extraction and download functions
- Improve `internal/storage` package:
  - Add missing server merging logic
  - `logTimeDiff` shared function
- Add unset `SERVER_NAME` in Dockerfile
- Improve `internal/publicip` package:
  - Exported `Result` struct
  - Parallelize IP information fetch
- Snyk code security analysis for Go code and Docker image
- Common server not found error builder
- Improve `internal/updater/providers/torguard`
  - Fallback on IP from configuration file if DNS resolution fails
  - Download both TCP and UDP zip files to detect support for each
  - Filter Torguard servers by protocol (although all support TCP and UDP, so not a feature really)
- Improve `internal/updater/providers/vyprvpn`
  - Extract from each server configuration if the server supports TCP and/or UDP (never TCP for now)
  - Filter VyprVPN servers by protocol (although all support only TCP for now, so not a feature really)
- `internal/updater/providers/pia`: re-fetch PIA API to obtain more server information
- `internal/routing`: improve error wrapping
- Network protocol as boolean in code to avoid possible coding errors
- `internal/provider`: split each provider in its own package
- `internal/alpine`: improve error wrapping
- `cmd/gluetun/main.go`:
  - Shutdown order, added in `internal/shutdown` package
    - Order of threads to shutdown (control then tickers then health etc.)
    - Rely on closing channels instead of waitgroups
    - Move exit logs from each package to the shutdown package
  - Use Go 1.16's `signal.NotifyContext`
  - Improve `printVersion` function
    - Print program versions in order given
    - Exit program on any error as each program is required
- Generate OpenVPN configuration valid for OpenVPN `2.4` or `2.5` depending on the current version
- `Dockerfile`:
  - Remove outdated comments
  - Remove unused openvpn installed shell script and library files
- Use `io` instead of `ioutil` whenever possible
- Upgrade qdm12/golibs (affects logger)
- Upgrade golangci-lint to `v1.40.1`
  - Add more linters to `.golangci.yml`
- Dependabot
  - Bump actions/checkout from 2 to 2.3.4 (#453)
v3.17.0
Features
- Upgrade Alpine from 3.12 to 3.13
- Upgrade `openvpn` from 2.4.10 to 2.5.1
- Upgrade `unbound` from 1.10.1 to 1.13.0
- Upgrade `iptables` from 1.8.4 to 1.8.6
- Protonvpn support (#437 clone on #434)
- Restart Openvpn if the container is unhealthy (#417 & #441)
- Block IPv6 traffic (#428)
- Update server information
  - Cyberghost
  - FastestVPN
  - HideMyAss
  - Privado
  - PrivateVPN
  - Private Internet Access
  - PureVPN
  - Surfshark
  - VyprVPN
- Clear firewall rules on shutdown (issue #276)
- Feature: more robust updater DNS resolution
  - Parallel resolver to resolve multiple hosts
  - Repeat resolver to repeat resolution for a single host
  - Additional parameters for fault tolerance
  - Do not update servers if 10% of DNS resolutions failed
  - `resolver` package in `internal/updater` package
Fixes
- Replace Surfshark default cipher with `aes-256-gcm`
- Block IPv6 traffic (#428)
- Remove `pull-filter ignore ping-restart` openvpn instructions
Maintenance
- Upgrade `golangci-lint` to `v1.39.0`
- Improve error wrapping in the `firewall` package
- Dev container changes
  - Bind mount for root only
  - Support for Windows HyperV bind mounts
  - Run `go mod tidy` after `go mod download` on container creation
  - Use `:z` flag for possibly shared bind mounts
  - Bind mount `~/.zsh_history`
  - Bind mount `~/.docker` config directory
v3.16.0
Fixes
- Fix PIA port forwarding (#427) and remove the TLS x509 ignore CN instruction
- Add more Surfshark servers
- Add servers missing from surfshark zip file
- Re-add multihop servers (see #424)
- Fix logic to try resolving old vpn servers for Surfshark
- Change PIA settings more closely to their official configuration
- Restrict route listing to IPv4 only (#419)
- More resilient updater DNS resolution retry mechanism
- Use `8.8.8.8` as the CLI updater DNS server as `1.1.1.1` would not do some of the resolutions
Features
- Hide My Ass VPN provider (#401)
- PrivateVPN support (#393)
- FastestVPN support (#383)
- Custom openvpn configuration file (#402)
- Uplift the 'localSubnet' concept to cover all local ethernet interfaces (#413)
Maintenance
- Upgrade logging library (shorter lines, less external dependencies)
- Upgrade Go from 1.15 to 1.16
- Build Docker images for all CPU architectures on branches
- Use native Go HTTP client for updater
- Upgrade gomock from 1.4.4 to 1.5.0 (#394)
- Sort providers alphabetically in code
- Simplify environment variables comments in Dockerfile
- Return deduplicated choices from server filter options
- Upgrade golangci-lint to 1.37.0
Documentation
- Update `New provider` issue template
v3.15.0
Features
- Torguard support
Bug fixes
- Privado `SERVER_HOSTNAME` selection
- HTTP Proxy returns response of a redirect and does not follow it
- Updater for TCP servers for PIA
- Firewall settings parsing for `FIREWALL_VPN_INPUT_PORTS`
- HTTP proxy settings parsing for `HTTPPROXY_PASSWORD` and `HTTPPROXY_LOG`
Maintenance
- No sleep for last DNS resolution in updater
- Remove support for s390x as it would cause CI build to fail
- Deduplicate PIA servers by protocols
Documentation
- New provider issue template
- Update existing issue templates
v3.14.0
Features
- Openvpn: add pull filter to ignore `ping-restart` instructions so Openvpn exits on error (and gets restarted by the program)
- Openvpn: runs as root by default to avoid permission errors, as the entrypoint must run with root anyway. This has more benefits than disadvantages.
- Logging: initial settings log improved
- Logging: log country, region and city corresponding to the public IP address, obtained from https://ipinfo.io, every time openvpn establishes a connection
- Logging: Only log a health message once when the health state changes from unhealthy to healthy or from healthy to unhealthy
- Updater: updater does DNS resolutions during longer periods (20 seconds, all in parallel) in order to obtain a larger pool of IP addresses per VPN server hostname
Bug fixes
- Nordvpn & Windscribe: empty 'nil' connection bug fix
- Windscribe: TLS keys out of sync fixed by adding `reneg-sec 0` and `ncp-disable` options to the openvpn configuration
- Windscribe: Fix `SERVER_HOSTNAME` to be non compulsory as `HOSTNAME` was conflicting with the options
- Updater: uses plaintext DNS and not Unbound in order to resolve all hostnames without getting blocked
Maintenance
- Merging `settings` and `params` package into a new `configuration` package to simplify future maintenance
- Add package comments to satisfy new linting rules
- Remove type aliases in order to support proto generated structures for a better API
v3.13.1 - Empty connection fix for NordVPN and Windscribe
Fix: Empty connections for NordVPN and Windscribe
v3.13.0 - Servers information updated
Features
- Update all hardcoded servers information, notably for Private Internet Access and Surfshark
- Update servers information with more IP addresses
- Private Internet Access custom port with environment variable `PORT`
Bug fixes
- Update mechanism for Private Internet Access
- Separate TCP and UDP servers as they have different CNs
- Fallback to Alpine 3.12 for 32 bit compatibility
- Fix public IP fetching not triggering on openvpn restarts (fixing #359)
- Fix exit race condition if DNS over TLS setup would not complete
- Fix route option for PureVPN
- CLI operations context passed from top level so a system interrupt now stops the operations
- Only log a subprocess error if it's not nil
Maintenance
- Improve stream merging for openvpn and unbound
- Add panic checks for empty connection passed to firewall
v3.12.2 - Empty connection fix for NordVPN and Windscribe
Fix: Empty connections for NordVPN and Windscribe